Point of sale terminals are the bread and butter of commerce these days, yet not all of these devices are safe from harm. A recent Windows zero-day vulnerabilities put several dozens of US companies at risk, which let attackers remotely execute code on the targeted computer.
The Risk of Point of Sale Terminals In Commerce
Despite the convenience offered by point of sale devices – for accepting card payments and contactless payments – several security concerns need to be addressed. The recent zero-day vulnerability which let hackers exploit a privilege flaw in the win32k Windows Graphics subsystem is just one of the many examples.
This zero-day vulnerability was primarily used to target retail and restaurant locations, allowing hackers to remotely execute code. Not only would this allow internet criminals to crash particular applications, but it also lets them execute arbitrary code. One example of such code would let hackers steal the Track 1 and 2 data from every payment card processed by the point of sale terminal itself.
Malware has been a real plague for point of sale operators and manufacturers for quite some time now. Considering how most US locations still swipe cards, rather than using the PIN method to confirm payments, hackers are keeping a close eye on this market in an attempt to steal sensitive financial information.
Despite these advancements made by Fintech companies in the field of payment cards, adoption rates by merchants are still behind the curve. Getting staff to use EMV payments instead of swiping the card involves breaking a course of habit which has been ingrained into their day-to-day operations for quite some time now.
At the same time, consumers need to be made aware of how this new payment card security can protect their financial data. FinTech companies are not only responsible for creating new forms of technology, but they also need to educate merchants and consumers as to why these changes are so important. The loss of credit card information through point of sale devices is a grave concern, and in this day and age of rapid technological innovations, there is still a lot of work to be done.
Header image courtesy of Shutterstock